Security News > 2022 > January > Critical Cisco StarOS Bug Grants Root Access via Debug Mode

Critical Cisco StarOS Bug Grants Root Access via Debug Mode
2022-01-20 19:35

Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company's StarOS debug services.

Cisco pushed out a fix for its Cisco StarOS Software on Wednesday.

Cisco StarOS Software works with Cisco ASR 5000 devices to operate virtual mobile networks for enterprises and service providers.

In addition to the fix for its Cisco StarOS Software debug service, Cisco also provided the following trio of security updates for mobile network operators running both Cisco hardware and software for virtualization.

Other Cisco products that are running an outdated version of the Cisco Unified Threat Defense Snort Intrusion Prevention System Engine for Cisco IOS XE Software or Cisco UTD Engine for Cisco IOS XE SD-WAN Software are also vulnerable, which could include Cisco routers and edge platforms, the company warned.

If successful, the attacker could gain access with the ConfD privilege access, which is typically root access, Cisco warned.


News URL

https://threatpost.com/critical-cisco-staros-bug-root-access-debug-mode/177832/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751